slivelight.exe.exe

Ukra-2006 LLC

This is the Amonetize download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application slivelight.exe.exe by Ukra-2006 has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The setup program bundles adware offers using Amonetize, a Pay-Per-Install (PPI) monetization and distribution download manager. The software offerings provided are based on the PC's geo-location at the time of install.
Publisher:
Ukra-2006 LLC  (signed and verified)

MD5:
c53816def73549a7852a47a941c176e5

SHA-1:
6c1d91cd18d2823185a27dd10af014ba417072c9

SHA-256:
b3a5708187d51752e8dc9905177bda2c73e23a8074ab935f65718b9e68360103

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles additional adware offers during download and installation using the OutBrowse installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:15:09 AM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/Adlaod.ujad | 7.11.212.246
avast! | OutBrowse-AH [PUP] | 150101-1
AVG | OutBrowse | 2016.0.3184
Dr.Web | Trojan.OutBrowse.90 | 9.0.1.05190
ESET NOD32 | NSIS/TrojanDownloader.Adload.AL trojan | 7.0.302.0
Fortinet FortiGate | W32/ADLOAD.AL!tr | 3/1/2015
K7 AntiVirus | Unwanted-Program | 13.1915119
Reason Heuristics | PUP.Amonetize | 15.3.1.1
Sophos | PUA 'OutBrowse Revenyou' | 5.11
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.3

File size:
90.8 KB (93,000 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Language:
Language Neutral

Common path:
C:\ProgramData\application data\windows vxm\program\slivelight.exe.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
1/11/2015 7:00:00 PM

Valid to:
1/12/2016 6:59:59 PM

Subject:
CN=Ukra-2006 LLC, O=Ukra-2006 LLC, L=Kharkiv, S=Kharkiv, C=UA

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
20110F4A7DB51E5FA070D8C28BEA8481

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:TpgpHzb9dZVX9fHMvG0D3XJdPYXnj3WCW2EW58A4Romu/TYIkqIzjbanyUXZf2mT:9gXdZt9P6D3XJunj3WCW2EW5x45pI5Ke

Entry address:
0x30FA

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 18, EC, 42, 00, E8, F1, 2B, 00, 00, A3, 64, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 98, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 60, E3, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, 92, 28, 00, 00...
 

Entropy:
7.1086

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)
